From b15ca8506d7c4ede7d69115231234f827569e335 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Tue, 15 Oct 2024 11:57:59 +0200
Subject: [PATCH] Satosa config
---
 .../overlay/etc/hiera/data/local.yaml | 110 ++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 internal-dco-test-satosa-1.streams.sunet.se/overlay/etc/hiera/data/local.yaml
diff --git a/internal-dco-test-satosa-1.streams.sunet.se/overlay/etc/hiera/data/local.yaml b/internal-dco-test-satosa-1.streams.sunet.se/overlay/etc/hiera/data/local.yaml
new file mode 100644
index 0000000..2b14e10
--- /dev/null
+++ b/internal-dco-test-satosa-1.streams.sunet.se/overlay/etc/hiera/data/local.yaml
@@ -0,0 +1,110 @@
+satosa_config:
+ internal_attributes: "/etc/satosa/internal_attributes.yaml"
+ saml2_backend: "/etc/satosa/plugins/saml2_backend.yaml"
+ saml2_frontend: "/etc/satosa/plugins/saml2_frontend.yaml"
+
+internal_attributes:
+ attributes:
+ displayname:
+ saml: [displayName]
+ edupersonprincipalname:
+ saml: [eduPersonPrincipalName]
+ mail:
+ saml: [email, emailAddress, mail]
+ name:
+ saml: [cn]
+ surname:
+ saml: [sn, surname]
+ edupersonscopedaffiliation:
+ saml: [eduPersonScopedAffiliation]
+ subject-id:
+ saml: [subject-id]
+
+satosa_proxy_conf:
+ BASE: https://idp-proxy-test.streams.sunet.se
+ INTERNAL_ATTRIBUTES: "internal_attributes.yaml"
+ BACKEND_MODULES:
+ - "plugins/saml2_backend.yaml"
+ FRONTEND_MODULES:
+ - "plugins/saml2_frontend.yaml"
+ LOGGING:
+ version: 1
+ formatters:
+ default:
+ format: "%(asctime)s [%(process)d] [%(levelname)s] %(message)s"
+ handlers:
+ console:
+ class: logging.StreamHandler
+ level: DEBUG
+ formatter: default
+ stream: ext://sys.stdout
+ loggers:
+ satosa:
+ level: DEBUG
+ handlers: [console]
+ saml2:
+ level: DEBUG
+ handlers: [console]
+saml2_backend:
+ config:
+ sp_config:
+ key_file: backend.key
+ cert_file: backend.crt
+ encryption_keypairs:
+ - { key_file: backend.key, cert_file: backend.crt }
+ allow_unknown_attributes: true
+ metadata:
+ mdq:
+ - url: https://mds.swamid.se/
+ cert: md-signer2.crt
+ entityid: https://idp-proxy-test.streams.sunet.se/sp
+ service:
+ sp:
+ name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
+ allow_unsolicited: true
+ endpoints:
+ assertion_consumer_service:
+ - [//acs/post, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST']
+ - [//acs/redirect, 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']
+ discovery_response:
+ - [//disco, 'urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol']
+ want_response_signed: False
+ want_assertions_signed: False
+ want_assertions_or_response_signed: True
+ xmlsec_binary: /usr/bin/xmlsec1
+ disco_srv: https://service.seamlessaccess.org/ds
+ attribute_profile: saml
+ module: satosa.backends.saml2.SAMLBackend
+ name: Saml2SP
+ plugin: BackendModulePlugin
+saml2_frontend:
+ name: Saml2IDP
+ config:
+ entityid_endpoint: true
+ endpoints:
+ single_sign_on_service:
+ urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST: /sso/post
+ urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect: /sso/redirect
+ idp_config:
+ key_file: frontend.key
+ cert_file: frontend.crt
+ metadata:
+ local:
+ - metadata/sp_metadata.xml
+ entityid: https://idp-proxy-test.streams.sunet.se/idp
+ service:
+ idp:
+ endpoints:
+ single_sign_on_service: []
+ name: SWAMID
+ name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:transient']
+ policy:
+ default:
+ attribute_restrictions: null
+ fail_on_missing_requested: false
+ lifetime: {minutes: 15}
+ name_form: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
+ xmlsec_binary: /usr/bin/xmlsec1
+ attribute_profile: saml
+ module: satosa.frontends.saml2.SAMLFrontend
+ plugin: FrontendModulePlugin
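Review bot: The backend's `sp_config.service.sp` block sets `want_response_signed: False` and `want_assertions_signed: False` and relies only on `want_assertions_or_response_signed: True`, which (as the pysaml2 option name suggests) accepts a login as long as either the outer Response or the Assertion is signed; if the intent is for the Assertion itself to always be signed, `want_assertions_signed: true` is the stricter choice, and either way the reasoning deserves a one-line comment above those keys since the proxy fronts every SP in `metadata/sp_metadata.xml`. Those three values are also written as capitalised `False`/`True` while the rest of the file uses lowercase `true`/`false` (for example `allow_unsolicited: true` and `fail_on_missing_requested: false`); both spellings parse as booleans under YAML 1.1, but yamllint's truthy rule flags the mix, so `want_response_signed: false` style would keep the file consistent. On the frontend, `policy.default.attribute_restrictions: null` together with `fail_on_missing_requested: false` appears to release every mapped attribute to every configured SP, and the `satosa`/`saml2` loggers at `DEBUG` may write assertion contents to stdout; if both are intentional for this test proxy, a short comment saying so (and a reminder to tighten them before any production reuse) would help the next reader. The hunk's indentation looks flattened in this rendering, so the nesting above is inferred from key order.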